QwikSec

Security Database

CVE

CWE

Training

CVE-2016-7168

Published: Jan 5, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0

x_refsource_CONFIRM

https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/8615

x_refsource_MISC

[oss-security] 20160908 Re: Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe processing of file names

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/

x_refsource_CONFIRM

https://codex.wordpress.org/Version_4.6.1

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20160908 Persistent Cross-Site Scripting vulnerability in WordPress due to unsafe processing of file names

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.